A US government agency has confirmed of a data breach which may have compromised personal data on its network.
The Defense Information Systems Agency (DISA) provides IT support and handles secure communications for the president, Vice President Mike Pence, US Secret Service and others.
However, a letter from the agency’s Chief Information Officer Roger Greenwell, sent to an unspecified number of individuals, has disclosed information of a “potential compromise” exposing personal information such as Social Security numbers.
“While there is no evidence to suggest that your PII was misused. DISA policy requires the agency to notify individuals whose personal details may have been compromised,” read the letter.
The letter, originally seen by Reuters, does not disclose what part of the DISA’s network was breached, nor does it identity which individuals may have had their data compromised and how many. However, reports are speculating that as many as 200,000 individuals could be impacted.
The agency is providing free credit monitoring services at no cost to those impacted. In addition, the agency has implemented additional security measures to prevent future incidents, and is adopting new protocols to increase protection of all PII.
“Every network is complex and human error is common regardless of the level of organization. The information compromised seems to be non-critical to the function of the DoD – although very personal and private to the people compromised – so it may have been an external database without the same level of controls as internal secret information,” said Chris Morales, head of security analytics at Vectra to Infosecurity Magazine.
“It is an unfortunate situation and another in a long list of breaches as we head into 2020. Organizations need to get better at how long it takes to be aware of a compromise and how quickly they can respond. Visibility into how systems are used is key.”
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/